From d497d6a1db9d561ef53bd4e9034de98ed4e11e80 Mon Sep 17 00:00:00 2001
From: Ryan ZHAO
Date: Mon, 3 Feb 2020 15:46:58 +1100
Subject: [PATCH] enable session restore and sync messages with sealed sender
---
 .../src/Messages/OWSMessageSender.m | 24 +++++++++++++++----
 .../src/Messages/UD/OWSUDManager.swift | 18 ++++++++++++++
 2 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/SignalServiceKit/src/Messages/OWSMessageSender.m b/SignalServiceKit/src/Messages/OWSMessageSender.m
index cdffbf5fc..609b79b33 100644
--- a/SignalServiceKit/src/Messages/OWSMessageSender.m
+++ b/SignalServiceKit/src/Messages/OWSMessageSender.m
@@ -932,7 +932,12 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
 message.skipSave = YES;
 SignalRecipient *recipient = [[SignalRecipient alloc] initWithUniqueId:hexEncodedPublicKey];
 NSString *userHexEncodedPublicKey = OWSIdentityManager.sharedManager.identityKeyPair.hexEncodedPublicKey;
- return [[OWSMessageSend alloc] initWithMessage:message thread:thread recipient:recipient senderCertificate:nil udAccess:nil localNumber:userHexEncodedPublicKey success:^{ } failure:^(NSError *error) { }];
+ SMKSenderCertificate *senderCertificate = [self.udManager getSenderCertificate];
+ OWSUDAccess *theirUDAccess = nil;
+ if (senderCertificate != nil) {
+ theirUDAccess = [self.udManager udAccessForRecipientId:recipient.recipientId requireSyncAccess:YES];
+ }
+ return [[OWSMessageSend alloc] initWithMessage:message thread:thread recipient:recipient senderCertificate:senderCertificate udAccess:theirUDAccess localNumber:userHexEncodedPublicKey success:^{ } failure:^(NSError *error) { }];
 }
 
 - (OWSMessageSend *)getMultiDeviceFriendRequestMessageForHexEncodedPublicKey:(NSString *)hexEncodedPublicKey
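Review bot: `requireSyncAccess:YES` is passed for a recipient built from `hexEncodedPublicKey`, and nothing in the hunk shows that this key belongs to the local account, so the flag looks copied from the sync-transcript call site in the third hunk; the second hunk adds the same line. If sync access is meant only for messages to the sender's own devices, both builders should pass `requireSyncAccess:NO`, or carry a comment saying why the sync lookup is wanted for a remote recipient. The lookup can also return nil while `senderCertificate` is non-nil, and that pairing deserves a comment such as `// udAccess may be nil even with a certificate; confirm the send path then falls back to an authenticated send`. The enclosing method starts above the hunk.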
@@ -950,7 +955,12 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
 message.skipSave = YES;
 SignalRecipient *recipient = [[SignalRecipient alloc] initWithUniqueId:hexEncodedPublicKey];
 NSString *userHexEncodedPublicKey = OWSIdentityManager.sharedManager.identityKeyPair.hexEncodedPublicKey;
- return [[OWSMessageSend alloc] initWithMessage:message thread:thread recipient:recipient senderCertificate:nil udAccess:nil localNumber:userHexEncodedPublicKey success:^{ } failure:^(NSError *error) { }];
+ SMKSenderCertificate *senderCertificate = [self.udManager getSenderCertificate];
+ OWSUDAccess *theirUDAccess = nil;
+ if (senderCertificate != nil) {
+ theirUDAccess = [self.udManager udAccessForRecipientId:recipient.recipientId requireSyncAccess:YES];
+ }
+ return [[OWSMessageSend alloc] initWithMessage:message thread:thread recipient:recipient senderCertificate:senderCertificate udAccess:theirUDAccess localNumber:userHexEncodedPublicKey success:^{ } failure:^(NSError *error) { }];
 }
 
 - (void)sendMessageToDestinationAndLinkedDevices:(OWSMessageSend *)messageSend
@@ -1651,12 +1661,18 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
 [self.dbConnection readWriteWithBlock:^(YapDatabaseReadWriteTransaction *transaction) {
 recipient = [SignalRecipient markRecipientAsRegisteredAndGet:recipientId transaction:transaction];
 }];
+
+ SMKSenderCertificate *senderCertificate = [self.udManager getSenderCertificate];
+ OWSUDAccess *theirUDAccess = nil;
+ if (senderCertificate != nil) {
+ theirUDAccess = [self.udManager udAccessForRecipientId:recipient.recipientId requireSyncAccess:YES];
+ }
 
 OWSMessageSend *messageSend = [[OWSMessageSend alloc] initWithMessage:sentMessageTranscript
 thread:message.thread
 recipient:recipient
- senderCertificate:nil
- udAccess:nil
+ senderCertificate:senderCertificate
+ udAccess:theirUDAccess
 localNumber:self.tsAccountManager.localNumber
 success:^{
 OWSLogInfo(@"Successfully sent sync transcript.");
diff --git a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift
index 277fc6681..cdb3b5d99 100644
--- a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift
+++ b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift
@@ -100,6 +100,9 @@ public class OWSUDAccess: NSObject {
 func shouldAllowUnrestrictedAccessLocal() -> Bool
 @objc
 func setShouldAllowUnrestrictedAccessLocal(_ value: Bool)
+
+ @objc
+ func getSenderCertificate() -> SMKSenderCertificate?
 }
 
 // MARK: -
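Review bot: The five-line certificate and access lookup added in the `@@ -1651` hunk is the third copy of the same code (the first two hunks add it verbatim), so any later change to the sealed-sender fallback has to be made in three places. A private helper on the sender that takes the recipient id and the `requireSyncAccess` flag would reduce each call site to a single statement. In this hunk `recipientId` is already in scope (it is passed to `markRecipientAsRegisteredAndGet:`), so the lookup can use it directly instead of `recipient.recipientId`, which silently evaluates to nil if the database call produced no recipient. The enclosing method begins and ends outside the hunk.

```objc
// Suggested private helper; the selector name is a placeholder and the
// recipient id is assumed to be an NSString, as at the existing call sites.
- (nullable OWSUDAccess *)udAccessForRecipientId:(NSString *)recipientId
                               senderCertificate:(nullable SMKSenderCertificate *)senderCertificate
                               requireSyncAccess:(BOOL)requireSyncAccess
{
    // Without a certificate the message cannot be sealed, so skip the access lookup.
    if (senderCertificate == nil) {
        return nil;
    }
    return [self.udManager udAccessForRecipientId:recipientId requireSyncAccess:requireSyncAccess];
}

// … unchanged: readWriteWithBlock: that assigns recipient …
SMKSenderCertificate *senderCertificate = [self.udManager getSenderCertificate];
OWSUDAccess *theirUDAccess = [self udAccessForRecipientId:recipientId
                                        senderCertificate:senderCertificate
                                        requireSyncAccess:YES];
// … unchanged: OWSMessageSend construction …
```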
@@ -432,6 +435,21 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
 seal.fulfill((certificateData: certificateData, certificate: certificate))
 }
 }
+
+ @objc
+ public func getSenderCertificate() -> SMKSenderCertificate? {
+ do {
+ let sender = OWSIdentityManager.shared().identityKeyPair()?.hexEncodedPublicKey
+ let certificate = SMKSenderCertificate(senderDeviceId: OWSDevicePrimaryDeviceId, senderRecipientId: sender!)
+ guard self.isValidCertificate(certificate) else {
+ throw OWSUDError.invalidData(description: "Invalid sender certificate returned by server")
+ }
+ return certificate
+ } catch {
+ Logger.error("\(error)")
+ return nil
+ }
+ }
 
 private func requestSenderCertificate() -> Promise<(certificateData: Data, certificate: SMKSenderCertificate)> {
 return firstly {
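Review bot: `sender!` force-unwraps the result of an optional chain, so a missing identity key pair crashes the app instead of reaching the `catch`, which can only ever see the single `throw` inside the `do`. A `guard let` with an early `return nil` removes both the crash and the need for `do`/`catch`. The error text says the certificate was "returned by server", but it is constructed locally from the user's own key; the message should say so, and a doc comment should state that this certificate is self-asserted, so whatever `isValidCertificate` checks (not visible here), the result is not a server attestation of the sender. The hard-coded `OWSDevicePrimaryDeviceId` also needs a comment if linked devices can reach this method.

```swift
/// Builds a sender certificate locally from this user's identity key.
/// The certificate is self-asserted, not issued by the server; returns nil
/// when no identity key pair exists or the certificate fails validation.
@objc
public func getSenderCertificate() -> SMKSenderCertificate? {
    guard let sender = OWSIdentityManager.shared().identityKeyPair()?.hexEncodedPublicKey else {
        Logger.error("No identity key pair; cannot build sender certificate")
        return nil
    }
    let certificate = SMKSenderCertificate(senderDeviceId: OWSDevicePrimaryDeviceId, senderRecipientId: sender)
    guard self.isValidCertificate(certificate) else {
        Logger.error("Locally built sender certificate failed validation")
        return nil
    }
    return certificate
}
```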